You have been there. You look for a better way to collaborate with photos, videos, medical records and conversation. You decide the price is right. You look forward to making things more efficient and better. You will be glad to decrease readmissions and trips from Long Term Care Home and Skilled Nursing Facility and back again. You are eager to start.

Inurement: a word whispered in the back of your mind. You check with legal. The response: don’t help the patient, don’t help the institution, don’t help the provider. Better to look the other way while HIPAA laws are broken left and right.

An unintended consequence of legislation usually called the Stark Law, authored by Rep. Stark of California was to make sure that compensation could not be hidden and that competition was fare. The common case was low rent in exchange for exclusive admissions.

It is increasingly well documented, and increasingly being made obvious by various government entities, that value based healthcare requires sharing of revenue and risk. If a hospital or a physician buys iClickCare for its great advantage and gives it to non salaried by loyal referral sources -- suddenly these legal issues make that look like a "kickback."

Should you wait? We advise providers not to, because the costs related to poor care coordination and HIPAA compliance issues are just too high to not take action. As for Stark, we can support you in creating different arrangements to keep you legal from Stark and HIPAA -- at the same time.

Irrespective of ROI, irrespective of jail time, irrespective of public shaming, irrespective of patient rights and privacy, we often hear from our colleagues: “I am emailing and texting patient stuff. I asked the patient! After all, I am a medical professional and acting on their behalf."

When I hear this, I feel real fear for my colleagues -- and dismay. The HIPAA rules are clear and the law is being enforced. The fines are big, and a year in jail is not appealing.

That is why we were confused about reports surrounding the recent tragedy in Orlando. Orlando Mayor Buddy Dyer told television reporters that he had asked the White House to waive HIPAA.

We certainly applaud the motivation in terms of caring for people -- but the reality is that even a tragedy of that magnitude, and likely even a White House clearance, would not keep providers safe. We all know that the law has real teeth, not the least being that anyone in a chain of events is liable (the administrator for the doctor, the doctor for the administrator). So how could a waiver be granted? The law becomes both complex and obtuse about the release of patient information to family members and the media. We are very aware of cases where grown children with an admission for psychiatric disease are isolated and essentially jailed while the parents with whom they live are not allowed to learn and intervene. In a chaotic situation, the difficulties compound.

The truth is that HIPAA is a big deal if you're in the medical field, period. When we talk about healthcare collaboration and telemedicine, though, people can be even more concerened about cyber security dynamics.

There are concerns at the institutional level, of course. But for individual healthcare providers, it can feel like we're burdened by the responsibility to protect PHI from HIPAA breaches, without the tools or information to do so effectively.

So we were interested to hear the insights offered recently by Michael Kaiser, executive director of the National Cyber Security Alliance.

Here are some of his best tips for staying cyber-safe as an individual healthcare provider:

We encourage providers to innovate and care for patients, despite the bureaucratic deluges that sometimes feel as thought they'll drown us. But it doesn't have to be hard to stay HIPAA-safe, even when using a telemedicine tool -- and it is important.

One thing many providers do is bring a smartphone or other device from home, into the medical context. You can download our white paper on staying HIPAA safe with BYOD (Bring Your Own Device) policies here:

Even my 4-year-old granddaughter knows what a silo is: the iconic brick, wood, concrete, or metal structure that keeps one harvest from another on a farm. With all the change in agriculture, we would actually be hard pressed to find a farm with the iconic silo, but still.

The silos in health care are infamous, rather than iconic. The physical barriers are reinforced with regulatory barriers, time constraints, virtual constraints, and -- most unfortunately -- attitudes.

Look around you and notice all of the physical constraints. Do you remember them being as pervasive even just a few years ago?

Key cards

Locked file rooms

Locked drawers

ID cards

Files face-down

Disconnected hallways

Tree lined atrium replaced by cubicled offices

Windows blocked by required notices

Distances across town, across farmland, or just down the hall

Diverse institutions. Long Term Care, Home Care and Hospitals

Of course, with technology so integrated with our days, there are also the virtual barriers we experience:

Log ons and passwords

Telephone tag

Not enough integration

Too much integration and too much data

Packed email boxes

And, saddest of all, we have attitudes that separate us:

Not my job.

Competition. True story, overheard at a medical meeting in an urban center.... Older chairman of department to you surgeon: “Yes, I will grant you privileges, as long as you just do emergencies and never do cosmetic surgery. Welcome.”

Outside of my scope of practice.

I’m not allowed to do that.

I’m just doing what I am told.

I’m not comfortable with that.

I don’t do that often enough.

That is too time consuming.

Medicine is a business. It needs to be run like Disney.

It is not enough to blog about it. It is not enough to complain. Each of us should do something, but where should we start? "We" meaning all of us; lab techs, aides, super-specialists, advanced practice nurses, doctors of what ever board certified -ology should get started!

We are not going to change HIPAA and the legions of other state and federal regulations, at least not right away. There are not enough of us to protest (maybe there are and we merely need the 17 year old Hong Kong activist to lead us). We will not get doors unlocked, IDs removed, logons discarded. So, the only thing left, and indeed the core of the problem, is our attitude. We need to regard the patient as our responsibility, not our institution's responsibility. We need more us and we, and less them and you in our language and in our thought. We need technology that promotes these good attitudes, not technology that blocks them. We need technology that empowers action based on these attitudes, not technology that dispirits them.

A colleague of mine works in the Appalachian mountains. She's a committed practitioner who works with rolling green hills out the window, cultivates close relationships with every patient, and has a great breadth of skill.

What she does not have nearby is a Diabetes specialist. The closest Diabetologist is in Washington, DC, more than 3 hours away. And whenever a consult is needed, the specialist inevitably wants a long look at the patient files before offering advice. So when my friend in Applachia needs to get a consult and so needs to "share" the patient file with that specialist, she usually does it by driving the 200 miles to his office.

Recently, however, this provider asked me if there is any better way: "Can I upload and share patient files using telemedicine?" The answer is yes. There are certainly ways to use today's technology to safely and efficiently share patient files with colleagues, without running afoul of HIPAA -- or having to drive 3 hours. However, there are some key things to keep in mind so that patient data stays safe and the provider doesn't run into hassles.

How to send patient files without HIPAA headaches:

If it doesn't promise it is HIPAA-compliant, don't use it. We hear providers talking about using Google Docs, Dropbox, text messaging, email, and even Facebook to send patient information. The problem with every single service in that list? They're not HIPAA-compliant. Stay away from these platforms when it comes to patient data, and only use a medium that promises to keep you, and the patient, safe.

Consider hybrid store-and-forward telemedicine. Because it is a hybrid store-and-forward model, when you upload a PDF of a patient file to ClickCare (or send questions, pictures, or video), the consulting provider doesn't have to be available on your timeframe. The data will sit there until they're ready to review -- safely -- and you can review their response on your own time as well.

If you're texting, do it securely. Although regular text messages are not secure and can't be used for patient information, there are secure text messaging services available. So if you don't need to send a full patient file, don't need to include pictures, and don't need to review treatment or teach, secure text messaging can be a good way to go.

Be skeptical of the "easy way." The two most common ways that providers share patient information are either by driving patient files to other offices or talking about histories and conditions in the elevator. Driving, of course, is a huge time-waster and isn't scalable or sustainable. And it turns out that provider-to-provider conversations in the elevator are actually the most common HIPAA breach. So while we always encourage face-to-face conversations with colleagues -- in the elevator, or elsewhere -- we suggest using those conversations to connect as people... and use the technology available to send the actual patient information.

Looking for more guidance on staying HIPAA-safe?

Image courtesy of stephanieasher on flickr.com, used under Creative Commons rights.

Increasingly, taking photos is a part of our lives. We snap photos when we're out at dinner or on a trip. And we certainly want to take a picture when we see an interesting case or need to remember or share something about a patient.

Once a photo is on your phone, it is tempting to email or text it, both of which are in conflict with HIPAA.

Photos on your camera roll may be susceptible to access by apps that are not HIPAA compliant.

So what is a person to do? It seems ridiculous to choose not to use technology in service of patient care. Here is the good news: you can and should use your iPhone or other smartphone for medical photography. In fact, we think that medical photography is a simple, powerful way to improve how we care for patients and make our lives as providers a little easier.

So here is a checklist to make sure that your medical photos are secure and useful:

Understand HIPAA. You don't need to drive yourself crazy, but a little understanding of the fines and penalties goes a long way

Never put patient photos into your regular camera roll. Sometimes smartphone apps (with the exception of iClickCare) pull from your camera roll-- even sharing pictures without your knowledge. And even if that doesn't happen, your camera roll only has one layer of security -- the login password on your smartphone. So when dealing with patient photos, we recommend using a secure app like iClickCare that doesn't ever save photos to your camera roll. You'll know your pictures are safe, and used only for your purposes.

As we transition out of the holidays and into the new year, we start to move faster. Our days are busy, we're preparing for yearlong projects, and patients are packed into the schedule following vacations.

In our practice, we've noticed that as we start to move faster, details suffer. The first detail to go? HIPAA compliance. And despite our prioritization of patient care, HIPAA violations are no minor consideration,as we all have come to know.

So as the 2014 kicks into gear, we wanted to share our favorite easy tips for staying HIPAA safe and compliant.

3 simple ways to stay HIPAA compliant:

Only use apps that promise HIPAA compliance. Some apps may feel safe, or even say they are "secure", but unless they explicitly promise they are HIPAA-compliant or HIPAA-secure, we'd be wary.

Check your email settings. Although email can't be used for medical collaboration, we use it for so many things that HIPAA complications can sneak in. So we created a guide to make sure your settings help you, rather than hinder.

We've found that small ways of keeping on top of regulatory issues end up keeping us on track even better than more intensive strategies. So keep it simple -- and stay HIPAA safe.

Telemedicine can bring HIPAA issues, but doesn't have to. Get our guide here:

This post was originally published on July 24th. Since this piece of our website was not working for all viewers, we're republishing some selected posts this week.

Protecting patient privacy is a good thing. If a patient's medical information gets into the wrong hands, it can make it hard to get a job, complicate relationships, and have financial consequences -- so privacy and HIPAA are important and serious.

But the truth is that HIPAA is causing healthcare provider burnout. As we've talked about in other posts, up to half of physicians are burned out, which has real ramifications: physicians experiencing burnout are more prone to errors, less empathetic, and more likely to quit practicing altogether

And HIPAA is one factor contributing to this burnout, by:

Disconnecting you from patients. HIPAA-induced wariness about sharing information with patients or patients' families can start to create barriers to interacting. With so many rules about what is allowed to be shared, to whom, and when, some providers shut down.

Wasting time with extra forms and EMRs. Most providers report that paperwork (even if it's electronic "paperwork") is at an all-time high, and HIPAA is a strong driver.

Causing anxiety about getting in trouble.These days, even a simple conversation, phone call, or (gasp!) text message can start to feel hugely risky. That stress contributes to the overall stress of providing healthcare and accelerates burnout.

So what is to be done? Well, there's a lot you can do, actually. First of all, when you acknowledge the ways HIPAA creates challenges in your practice, it makes you less likely to blame the people around you. Second, when you notice ways that HIPAA is making connection difficult, you can address it in your workflow. For instance, many of ClickCare's users tell us that ClickCare saved them a lot of stress -- as well as time -- because they didn't have to "reinvent the wheel" around HIPAA-safe collaboration. And finally, when you accept that HIPAA rules and constraints might be creating a feeling of disconnection with patients, you can get creative about ways to connect with them even within those constraints.

As with most things, the first step is recognizing the dynamic. Like William James said, "Acceptance of what has happened is the first step to overcoming the consequences of any misfortune." HIPAA is no exception.

For an overview of the HIPAA/HITECH Omnibus Rule 2013, click the button:

Let us know your comments about the blog article, and tell us which topics you would like us to write about in future blog articles.

HIPAA? I know about it, but I text anyway because it is good patient care.

Do you really want to say that?

Our advice: Don’t even think about it! And moreover, forget it and move on -- there is too much to worry about that you can change, and this, you can’t.

We are taught to understand as well as follow. Here is some understanding.

The Federal Register, on January 25, 2013, added another 563 pages (78 Fed Reg. 5566) to the voluminous hundreds of pages that constitute three acts over the past 17 years. These are HIPAA, HITECH and GINA, and an entire industry has been built on these rules. The 563 pages as a totality constitute the Omnibus Rule of 2013.

What does all of this mean to us providers? What does all of this mean to us who help providers? Since this post is conversing with patient care professionals, many of whom are mere HIPAA laymen, these answers are brief and focused.

Four main points for day-to-day care:

1. There is increased penalty and enforcement.

2. Business associates are responsible for all their subcontractors. Did a cleaning lady, employed by a cleaning service pick up a CD? Reasonable Cause -- an act or omission in which a CE or BA knew, or by exercising reasonable diligence would have known, that the act or omission violated an administrative simplification provision, but in which the CE or BA did not act with willful neglect.

3. Any disclosure of PHI will be presumed to be a breach, and HHS will, not may, investigate.

4. Individuals have enhanced rights to obtain electronic copies of their records. With this, is an enhanced right to restrict disclosure of PHI. Patients who pay solely for care by cash can restrict release to insurance companies and billers.

Some collateral damage to be aware of:

Schools -- Immunizations can be shared.

Research -- Special notes about current research releases, and how they may apply to future analysis of the same data with different research.

Genetics -- Genetic information is protected and cannot be used against the patient.

Marketing and Fundraising -- Defines how information is used. Can you ask for money from patients for a cause you know that they are near and dear to?

Notification -- You may have to send new notifications to your patients about your privacy policy. Did you ever get one of those from your credit card company?

How much time is there to comply?

The final rule was announced on January 25, 2013. It is effective March 26, 2013 (including penalties), and compliance (such as notifications) must be completed by September 23, 2013.

Cost and Conclusion.

The cost of all of this...114 to 225.4 million dollars (government estimate, your experience may vary). In 2011, the CDC estimates 1 billion physician office visits. That works out to 23 cents per visit.

Finally, there is a lot to this and a lot to read. Download the "Omnibus Rule -- High Overview" to learn more and send you speedily on your way.

Let us help assure funding continuation by making it easier for your project to access care for patients, empower providers to collaborate and educate future providers. A common thread found in the many, many of the awardees, is care coordination and that is the mission of ClickCare as recently described in the NYTimes and in a shout out by Steve Wozniak at the American Telemedicine Association.

CMS says that the following is involved for the continuation of funding:

Rapid implementation, 6 months or sooner:ClickCare stands ready, with its agility, compliance and quick implementation. Six months can pass alarmingly quickly, especially when a program is being launched. December 6 is predated by summer, Thanksgiving, and the holiday season. That is not much time to work. We invite you to piggyback on 16 years of experience and software development.

Workforce development and deployment:Their frequent references to using midlevel providers to provide care. This is certainly a topic of our times, but is it innovative? What about collaborating with those who are really at the bedside, home and workplace? And doing it in a simple and user friendly manner!

Efficient and sustainable use of funds:Implementing iClickCare involves a software subscription on the internet, iPad or phone for a very low price that is further discounted for volume customers

Reporting and monitoring:iClickCare can provide both consultation and service to allow each member of your team to not only transfer data, communicate, coordinate, but also collaborate. Everything is archive and pdf reports show usage.

We at ClickCare stand ready to help you meet your goals of improving healthcare in our country!